Concur Invoice Professional Edition Administration Help

June 2021 Concur Expense Professional Edition Admin Summary

Initial Post

Release Note Summaries

The items in this section are summaries of the release notes for this month. The Professional Edition release notes are accessible from What's New - Professional Edition.

Authentication

**Ongoing** Deprecation of HMAC and Migration to SAML v2 and the SSO Self-Service Tool

These changes are part of the SAP Concur continued commitment to maintaining secure authentication.

SAP Concur support for Hash-Based Message Authentication Code (HMAC) is being deprecated. Travel Management Companies (TMCs) and SAP Concur personnel are currently assisting customers who use HMAC to migrate to SAP Concur SAML v2 SSO (SAML v2).

SAP Concur provides a Single Sign-On self-service option that enables client admins to setup their SAML v2 connections without involving an SAP Concur support representative.

For more information about the Single Sign-On self-service option, refer to the Shared: Single Sign-On Overview (English Only) and the Shared: Single Sign-On Setup Guide (English Only).

The HMAC deprecation includes two phases:

PHASE I:

  • Clients must have an identity provider (IdP) or a custom SAML 2.0 compliant solution.

  • Clients begin testing authentication using SAML v2.

  • TMCs prepare to onboard new SAP Concur clients to SAML v2.

  • Customers will be notified via release notes about the official deprecation date of HMAC. As of the official deprecation date, no new clients can be onboarded using HMAC; new clients must be onboarded to SAML v2.

  • Existing clients using HMAC must migrate to SAML v2.

PHASE II:

  • TMCs have migrated all existing SAP Concur clients from the HMAC service to SAML v2.

  • The HMAC service is deprecated. Phase II is targeted to end mid-year in 2021.

Business Purpose / Client Benefit: This change provides better security and improved support for users logging in to SAP Concur products and services.

Central Reconciliation

Can Configure New Matching Service for Cards

A new matching service is available for Central Reconciliation that utilises key data points in the card feed and custom fields to improve match rates. The service allows each card to use one of four matching strategies:

  • Reconcile on Employee – This is the default method of matching prior to the instruction of this new service for clients who use Concur Expense without Concur Request. This employee-based strategy searches for the Employee ID in configured field. This is the default strategy (not new) for clients who use Concur Expense without Concur Request.

  • Reconcile on Employee (Enhanced) – This strategy goes beyond the Reconcile on Employee method by continuing to loop all custom fields and financial data to match a valid unique target ID.

  • Reconcile on Request – This is the default method of matching prior to the instruction of this new service for clients who use Concur Request with Concur Expense. This request-based strategy searches for the Request ID in configured field. This is the default strategy (not new) for clients who use Concur Expense with Concur Request.

  • Reconcile on Request (Enhanced) – This strategy goes beyond the Reconcile on Request method by continuing to loop all custom fields and financial data to match a valid unique target ID.

Expense Claims from Concur Request

New Admin Settings

These changes are part of the NextGen UI experience.

Two new settings in Concur Request can impact Concur Expense:

  • Auto-Create Claim - Expense claims are automatically created from approved requests, based on the request’s start date

  • Create Claim from Request with Expected Expenses - Expense claims created from a request may optionally create expenses based on the request’s expected expenses

The path to these settings is Administration > Request > Request Policies.

Business Purpose / Client Benefit: Since the admin for Concur Request may be a different person from the admin for Concur Expense, this release note informs the Concur Expense admin of these new settings.

For more information, refer to the Concur Request Professional Release Notes (English only).

Business Purpose / Client Benefit: This service reduces unmatched invoices and provides flexible (per-card) strategies for clients who use Central Reconciliation.

File Transfer Updates

**Ongoing** Mandatory SFTP with SSH Key Authentication

This release note is intended for technical staff responsible for file transmissions with SAP Concur products. For SAP Concur customers and suppliers participating in data exchange through various secure file transfer protocols, SAP is making changes that provide greater security for those file transfers.

As of 10 April 2021, non-SFTP (Secure File Transfer Protocol) protocols and SFTP password authentication are not allowed to connect to SAP Concur for file transfers:

  • Non-SFTP file transfer accounts must switch to SFTP with SSH Key Authentication.

  • SFTP file transfer accounts that use password authentication must switch to SSH key authentication.

  • SFTP password reset requests require the client to provide an SSH key for authentication.

On 12 April 2021, SAP started disabling non-compliant file transfer connections. The process of disabling non-compliant accounts will continue throughout 2021. If you have multiple file transfer connections configured, this change applies to all of your file transfer connections.

This announcement pertains to the following file transfer DNS endpoints:

  • st.concursolutions.com

  • st-eu.concursolutions.com

  • vs.concursolutions.com

  • vs.concurcdc.cn

Business Purpose / Client Benefit: These changes provide greater security for file transfers.

**Ongoing** SAP Concur Legacy File Move Migration

This Release Note is intended for the technical staff responsible for file transmissions with SAP Concur. For our customers and suppliers participating in data exchange, SAP Concur is maintaining our file transfer subsystem to provide greater security for those file transfers.

SAP Concur is in the process of migrating entities that currently use a legacy process for moving files to a more efficient and secure file routing process that relies on APIs.

Clients whose entities are currently configured to use the legacy process will be migrated to the more efficient process sometime between now and 31 July 2021. After they are migrated to the more efficient process, clients will see the following improvement:

  • With the legacy process, clients had to wait for the file move schedule to run at a specified time. With the more efficient and secure API-based process, extracts and other outbound files from SAP Concur will be available within the existing overnight processing period shortly after the files are created.

This announcement pertains to the following file transfer DNS endpoints:

  • st.concursolutions.com

Business Purpose / Client Benefit: These changes provide greater security and efficiency for file transfers.

Rotating PGP Key Available for File Transfers

Files transferred to SAP Concur products must be encrypted with the SAP Concur public PGP key, concursolutionsrotate.asc.

concursolutionsrotate.asc

  • Key file is available in client’s root folder

  • Key ID 40AC5D35

  • RSA 4096-bit signing and encryption subkey

  • Key expires every 2 years

  • Client is responsible for replacing the key before it expires

    • Next expiry date: 4 September 2022

    • SAP Concur plans to replace the current rotating public PGP key in the client’s root folder 90 days before the expiration date

The SAP Concur legacy PGP key (key ID D4D727C0) remains supported for existing clients but will be deprecated in the future.

SAP Concur strongly recommends that clients use the more secure rotating public PGP key for file transfers. To facilitate the use of the more secure rotating public PGP key for file transfers, SAP Concur added the key to existing client’s home folders on Friday 15 January 2021.

This announcement pertains to the following file transfer DNS endpoints:

  • st.concursolutions.com

  • mft-us.concursolutions.com

  • vs.concursolutions.com

  • st-eu.concursolutions.com

  • mft-eu.concursolutions.com

Business Purpose / Client Benefit: The rotating public PGP key provides greater security for file transfers.

Localisation

Translations for Cash Advance Term

With the June release, SAP Concur is changing the following terms in the Brazilian Portuguese version of the SAP Concur user interface to bring consistency in translation of the term “Cash Advance”:

English Term

Current BR Portuguese Term

Updated BR Portuguese Term

Cash Advances

Adiantamentos de viagem

Adiantamentos

Cash Advance

Adiantamento em espécie

Adiantamento

Business Purpose / Client Benefit: These revisions provide a more accurate translation and improved user experience in Brazilian Portuguese.

Miscellaneous

Updated Naming Convention for Sub-URLs

As part of our overall cloud platform strategy, SAP is implementing a more consistent naming convention for the URLs used to connect to SAP Concur solutions, based on data centre. Users will continue to be able to access www.concursolutions.com and will be routed automatically to the correct URL or single sign-on (SSO) as part of their sign-in process.

For more information about our overall cloud platform strategy, refer to the SAP Concur Cloud Platform Strategy FAQ (English only).

No customer data is planned to leave the North America or EMEA regional data centre to which it is assigned at any time before, during or after this change.

TARGETED FOR MID-JUNE 2021

  • SAP will deploy us.concursolutions.com. It is functionally identical to the existing www.concursolutions.com.

  • SAP will deploy eu.concursolutions.com. It is functionally identical to the existing eu1.concursolutions.com.

TARGETED FOR MID-JUNE 2021

  • SAP will deploy us2.concursolutions.com and eu2.concursolutions.com, and plans to use these URLs for future customer migration to the AWS cloud platform.

    For more information, refer to the SAP Concur Cloud Platform Strategy FAQ (English only).

  • SAP will update www.concursolutions.com to automatically redirect users to the appropriate URL or SSO. Users will be directed to their established home data centre (for example, eu.concursolutions.com, eu2.concursolutions.com, us.concursolutions.com or us2.concursolutions.com). No customer data is planned to leave the North America or EMEA regional data centre to which it is assigned at any time before, during or after this change.

RESTRICTED ACCESS / ALLOW LISTS

In rare cases, clients who restrict or filter access from their corporate network to specific URLs might need to update their configuration to enable users to connect to the new URLs. For example, clients who have an allow list configured, might need to add the new URLs to their list. The information in this release note should be made available to your technical resource so that they can take appropriate action to allow access to these new URLs.

Business Purpose / Client Benefit: This change supports future URL consistency across all global regions, and a central URL that redirects users to the appropriate data centre.

NextGen UI

**Ongoing** Updated User Interface (UI) for Concur Expense End Users

The continued evolution of the Concur Expense solution user interface experience is the result of thoughtful design and research that provides a modern, intuitive and streamlined experience for creating and submitting expense claims.

Concur Expense customers have the ability to preview and then opt in to the NextGen UI before the mandatory move.

Business Purpose / Client Benefit: The result is the next generation of the Concur Expense user interface designed to provide a modern, consistent and streamlined user experience. This technology not only provides an enhanced user interface, but also allows us to react more quickly to customer requests to meet changing needs as they happen.

Security

**Ongoing** Changes to Some Email Subdomains

SAP is adopting the Domain-based Message Authentication (DMARC) email security protocol for all email sent from SAP. As a result, the email addresses for some email sent from SAP Concur organisations will no longer be sent from the @sap.com root domain, but will instead be sent from a subdomain of sap.com, such as @example.sap.com where “example” is the subdomain.

If your organisation maintains an allow list for email addresses, you can update your allow list to include email from the following domains to ensure that you receive emails sent from the sap.com root domain and subdomains of the sap.com root domain:

  • @info.sap.com

  • @mail.sap.com

  • @*sap.com

    • If your internal configuration allows it, adding @*sap.com can minimise the need for future updates by allowing all emails from the sap.com domain and from subdomains of the sap.com domain. For example, if your allow list includes @*sap.com, you do not need to add @info.sap.com or @mail.sap.com because @*sap.com encompasses those subdomains.

The following types of email communications from SAP Concur solutions are not impacted by this change:

  • 1:1 email communication that you have with your SAP Concur account team or other SAP representatives. These emails will continue to come from @sap.com.

  • System emails (for example, expense claim approvals and travel bookings) that come from concursolutions.com, tripit.com or other SAP Concur products and solutions

  • SAP Concur support updates (such as case notifications)

Business Purpose / Client Benefit: DMARC compliance provides better security for emails sent from SAP to its customers.

Web Services Administration

**Ongoing** Application Connector Username and Password Length Requirements Updated

Starting 31 August 2021, the length of the username and password associated with an application connector must be at least 10 characters long and not more than 50 characters long. To avoid disruption of callouts through application connections, usernames and passwords that do not meet these requirements must be updated before 31 August 2021.

Application connection usernames and passwords can be updated by an administrator with the Company Admin or Web Services Admin role.

Business Purpose / Client Benefit: Enforcing password and username length restrictions improves the security standards for callouts made through the application connector.

Planned Change Summaries

The items in this section are summaries of the changes targeted for future releases. SAP Concur reserves the right to postpone implementation of – or completely remove – any enhancement/change mentioned here.

IMPORTANT: These Planned Changes may not be all of the upcoming enhancements and modifications that affect this SAP Concur product or service. The Planned Changes that apply to multiple SAP Concur products and/or services are in a consolidated document. Please review the additional Planned Changes admin summaries available in the June 2021 Shared Planned Changes Professional Edition Admin Summary.

Audit Rules

**Planned Changes** Image Certification Date (e-Bunsho) (by Q3 2021)

Administrators will be able to configure audit rules based on the date value in the Image Certification Date field. Once the audit rule is configured, administrators will be able to compare the receipt timestamp date to the expense entry transaction date and send alerts to users/groups and stop the flow of expense claims when regulations are not met.

Currently, the Image Certification Date field is the e-Bunsho timestamp date used in Japan.

Image Certification Date field considerations:

  • Field calculation is based on the calendar day (business day logic is not included).

  • Dates used in the number of day calculation are based on the GMT time zone. We recommend making audit rules for one day less than desired to account for the time difference between the GMT and JST time zones.

  • Audit rules and compliance validations will be based on information provided by the user for the transaction date. Because users can edit transaction dates, it is the user’s responsibility to ensure the transaction date is accurate based on receipt information.

  • Admins will have the ability to create multiple audit rules for comparing the transaction date with the receipt timestamp date.

This field will be available to new and existing clients.

This feature will release by Q3 2021.

Business Purpose / Client Benefit: Configuring audit rules for this field will help reduce manual reviews needed to compare the number of calendar days between the expense entry transaction date and the receipt timestamp date.

Cards

**Planned Changes** Redirect Funds in NextGen UI with New Look (22 Jun)

These changes are part of the NextGen UI experience.

This feature allows clients who have migrated to the NextGen UI for Concur Expense (NGE) to be able to use the Redirect Funds option. Redirect Funds has been updated with a new look and more logical placement in the flow of the expense claim submission process. While the user interface (UI) has been improved with new elements and messaging, the basic functionality of redirecting funds to a card payment remains the same.

The Redirect Funds option allows an employee to "redirect" payments due from the company to the employee to instead be paid to the card provider on behalf of the employee. This option is only available to an employee with an Individually Billed/Company Paid (IBCP) card where the employee is expected to pay the card provider directly for personal charges.

Redirect Funds includes the following enhancements:

  • Move of the user input from the claim header to the claim totals page shown during the claim submission process. The new design puts redirect funds into the submission process so that it is presented to the user at the right moment to know what amount is possible for redirection and thus logically make the choice

  • Inactive card accounts are filtered out of the list of available cards for selection

  • View of currency exchange rate and amount information when the card account currency is different than the user's reimbursement currency, to aid the user in typing in an appropriate amount in card currency that will be redirected.

Business Purpose / Client Benefit: This saves time for the user since it allows reimbursement to be conveniently directed to cover personal charges on the card when submitting an expense claim.

This aids the company card programme administrator by making it easier for users to pay and thus keep their card accounts current.

Expense Claims

**Planned Changes** Edit Multiple Expenses and Itemisations (22 Jun)

These changes are part of the NextGen UI experience.

This feature will allow users to select multiple expenses in an expense claim and edit common elements across all lines at once.

Business Purpose / Client Benefit: This functionality simplifies repetitive data entry for expense claims and streamlines expense claim creation for users.

Mileage

**Planned Changes** New Mileage Features

SAP Concur continues to work on this change. With the next release, this information will be removed. When this change gets closer to a release date, this information will again appear in the release notes document.

Miscellaneous

**Planned Changes** 5-Star Rating Replaced with New Survey

Starting 1 August 2021, Concur Expense end users will see a new survey when submitting expense claims.

Currently, after submitting an expense claim, a message appears intermittently asking the user to rate their experience from 1 to 5 stars. Starting 1 August, after submitting an expense claim, a short survey will intermittently appear enabling the user to provide feedback on their experience.

Business Purpose / Client Benefit: The new survey will collect more actionable feedback that can be used by the SAP Concur product teams to prioritise and improve the features they deliver.

Profile

**Planned Changes** (Canada) New Personal Address Requirements for Bank Information

For Canadian users who enter or update their Bank Information page in Profile, new fields will display. Some of the new fields will be required to comply with local banking regulations.

The following fields are impacted by this change:

  • Personal Address Line 1 (required)

  • Personal Address Line 2 (optional)

  • City (required)

  • Province (required)

  • Postal Code (required)

Business Purpose / Client Benefit: Concur Expense must contain all information that may be required for payment processing.

Standard Accounting Extract

**Planned Changes** Change to the PAID_DATE Field

In the Standard Accounting Extract (SAE), currently the value of the PAID_DATE field may be either the date on which the claim is extracted, or the date on which the payment is confirmed. We plan to change the SAE (versions 2 and 3) so that this date is always the date that the claim is extracted and not overwrite the value with the date that the payment confirmation is received.

More information will be provided in future versions of these release notes.

Business Purpose / Client Benefit: This change targets improving analytics and other use cases for anyone relying on the value in this field.

Client Notifications

The items in this section provide reference material for all clients.

Accessibility Updates

SAP implements changes to better meet current Web Content Accessibility Guidelines (WCAG). Information about accessibility-related changes made to SAP Concur solutions is published on a quarterly basis. You can review the quarterly updates on the Accessibility Updates page.

SAP Concur Non-Affiliated Subprocessors

The list of non-affiliated subprocessors is available here: SAP Concur list of Subprocessors (English Only)

Monthly Browser Certifications

Monthly browser certifications, both current and planned, are available with the other SAP Concur monthly release notes, accessible from What's New - Professional Edition